Submission Summary:

• Submission details:
• Submission received: 1 May 2012, 11:22:16
• Processing time: 11 min 7 sec
• Submitted sample:
• File MD5: 0xAC77EB87D763EAE25CD4D24E7285D1AB
• File SHA-1: 0xDB8A8078EFCE0FF6A766D4E1ADE61D10707C938B
• Filesize: 463,080 bytes

• Summary of the findings:

What's been found	Severity Level
Downloads/requests other files from Internet.
Creates a startup registry entry.
Registers a 32-bit in-process server DLL.

Technical Details:

File System Modifications

• The following files were created in the system:

#	Filename(s)	File Size	File Hash	Alias
1	%CommonAppData%\Anti-phishing Domain Advisor\guid.dat	38 bytes	MD5: 0x57D8265284734BD29F438B2E34E5729F SHA-1: 0xF68ED55266A53CBD230FCA8D849981CE6941844A	(not available)
2	%CommonAppData%\Anti-phishing Domain Advisor\uninstall.exe	91,768 bytes	MD5: 0xE74ACC88A5F91340E5A4F13377C19128 SHA-1: 0xF8DF29130874386E3CEA87CB3E777DA1689A7BC3	(not available)
3	%CommonAppData%\Anti-phishing Domain Advisor\visicom_antiphishing.dll	309,416 bytes	MD5: 0xD899AFC8C5ABD5CC0CA0C544DA3F330A SHA-1: 0x1B8E8FBCC0D990FED7A4890872E5F12BFB028B5F	(not available)
4	%CommonAppData%\Anti-phishing Domain Advisor\visicom_antiphishing.exe	232,616 bytes	MD5: 0x6D935BE34F3FE8641403662B35575416 SHA-1: 0x27C727AA63A751259516F0F0593AB2B1F0C76B85	(not available)
5	%AppData%\blekkotb\guid.dat	38 bytes	MD5: 0x4AE46F14AA60B55A90D6A82B6932EC8E SHA-1: 0x92308110FB3665C35497ED15246B68A78507DB7C	(not available)
6	%Temp%\afterInstallCall.dat	2 bytes	MD5: 0x99914B932BD37A50B983C5E7C90AE93B SHA-1: 0xBF21A9E8FBC5A3846FB05B4FA0859E0917B2202F	(not available)
7	%Temp%\Antiphishing_1.0.0.0.exe	0 bytes	MD5: 0xD41D8CD98F00B204E9800998ECF8427E SHA-1: 0xDA39A3EE5E6B4B0D3255BFEF95601890AFD80709	(not available)
8	%Temp%\blekko-manifest.xml %ProgramFiles%\blekkotb\manifest.xml	878 bytes	MD5: 0xDF8368E7791F84962C20A7E9801E554D SHA-1: 0xD356174E6D0D24A9228C0406969B35147C0B5DA5	(not available)
9	%Temp%\currenttime.dat	8 bytes	MD5: 0xC0B09EF75BEB1509E529BE6CD2198633 SHA-1: 0x3CDC1476EB3071332195E97BF6769889F8DC36A6	(not available)
10	%Temp%\ICReinstall\[filename of the sample #1] [file and pathname of the sample #1]	463,080 bytes	MD5: 0xAC77EB87D763EAE25CD4D24E7285D1AB SHA-1: 0xDB8A8078EFCE0FF6A766D4E1ADE61D10707C938B	packed with UPX [Kaspersky Lab]
11	%Temp%\is1598539481\1964308452.cfg	244 bytes	MD5: 0x084E82AC1766B317E093D49E6F7A66B4 SHA-1: 0x10B48C8615D1FB29209B487C5595A8351BC03A63	(not available)
12	%Temp%\is1598539481\52317_Setup.DAT %MyDocuments%\fkeylogger.zip	568,334 bytes	MD5: 0xD5FF8DB6E68AD00E82D7775DF04D1D7D SHA-1: 0x41BEA8626EF845E713BB473C375FBA2F066E513F	MonitoringTool [Ikarus]
13	%Temp%\is1598539481\52367_Setup.CIS	2,011,228 bytes	MD5: 0x21CF10C84FDC15F28DA40E7261A6F9C8 SHA-1: 0x2C4B77A8DB9794E8B2258D4FB1CBF4344DC3104C	(not available)
14	%Temp%\is1598539481\881789881.cfg	244 bytes	MD5: 0x90DBC9D50155B8DE49EF87F1E30E577D SHA-1: 0xDCC9AA4D23F330C4B1C5F977938F6415FD2A771E	(not available)
15	%Temp%\is1598539481\blekkoTb_1.0.0.12.exe	2,062,880 bytes	MD5: 0x50EC4FA0E1E60E3C0E87BE518392F958 SHA-1: 0xD2A62E021E6B93EAF1672CB2BC78A31B1B2F89DE	(not available)
16	%Temp%\ish210593\css\buttons.css	1,238 bytes	MD5: 0xE10BA3C9C951F5555528C9B291334879 SHA-1: 0xE231BE4624910387AAAE4301D856DAB528F8522C	(not available)
17	%Temp%\ish210593\css\ie6_main.css	475 bytes	MD5: 0xEC8BC9B61645C661B1BD3DCC8F781B30 SHA-1: 0x96D9124BF9D0D0F2E343A372ED3460F9F0C2A7CA	(not available)
18	%Temp%\ish210593\css\main.css	4,562 bytes	MD5: 0x1D7B7D4B58AE79B4C4CADDE36B409242 SHA-1: 0xE3531BB7B293DD813C4B1A5481E71CB40B0E316A	(not available)
19	%Temp%\ish210593\css\progress-bar.css	508 bytes	MD5: 0xE1FCF8B6066AF9A266AE34738ED5C000 SHA-1: 0x4D1079CCDFE311B77177BED54163C7CC73D7D1BE	(not available)
20	%Temp%\ish210593\defaultOffer\ad_html.txt	233 bytes	MD5: 0xE321D82C7629CFB1D714779402DD23DD SHA-1: 0xD8560FE919A0F62DBCA5FAE957654F34E4D2F065	(not available)
21	%Temp%\ish210593\defaultOffer\images\techtracker.jpg	26,693 bytes	MD5: 0x199832D24E8AA5EC99AE079E8BB5B1E7 SHA-1: 0x8DE13A46F38035B0D02E27A0656CC1E584787807	(not available)
22	%Temp%\ish210593\defaultOffer\TechTracker\TechTracker_code.txt	2,966 bytes	MD5: 0xE695AFF87DE58D140142A47F4F4BA207 SHA-1: 0xE09D03AEE8B62B6AB56C7B7A2F1956A8BDA74CD1	(not available)
23	%Temp%\ish210593\defaultOffer\TechTracker\TechTracker_html.txt	1,021 bytes	MD5: 0xD60E47EEE106B761F7D7676CE8E12A2D SHA-1: 0x2A458683BA295C7DB0A6615E8CDB567B79F2C4FD	(not available)
24	%Temp%\ish210593\images\green_btn.png	485 bytes	MD5: 0xB570EA77375823BE8510C0F27768ED62 SHA-1: 0x096ED270C93AD811039738B7FB53E05EAAE7F4BB	(not available)
25	%Temp%\ish210593\images\grey_btn.png	360 bytes	MD5: 0x501821D95E958528FED4747E4190B39F SHA-1: 0x70E3C15D3CE5853A67AA741EC701D3AF307D7BD9	(not available)
26	%Temp%\ish210593\images\loader.gif	7,791 bytes	MD5: 0xEDB71146254D3B8EBAE18607E801398C SHA-1: 0x8775027DA6F6CC19C72D20C7F1615A01112E5D3C	(not available)
27	%Temp%\ish210593\images\main.png	22,145 bytes	MD5: 0x1A2AD75C0AF449D5719473655EF5AF04 SHA-1: 0x82C5BA738B9CD2508EA2D69DA7985D586A4F0DCA	(not available)
28	%Temp%\ish210593\images\offer_box2.png	3,024 bytes	MD5: 0x61F74251810068CB9EDAEAADA3C50D29 SHA-1: 0x3B779B8E723CA1E1E73AC534A2D415A18FB2DB6E	(not available)
29	%Temp%\ish210593\images\pause_btn.png	982 bytes	MD5: 0x14B92CBE22EF5A31A5533D0AB114537E SHA-1: 0xE428F1B0236F7A85FAF045237A7CD29A305D936C	(not available)
30	%Temp%\ish210593\images\prod-icon.png	4,622 bytes	MD5: 0xEF430C7CB8DAD930F9E51941593B2AF2 SHA-1: 0x03CA0848FD18014781B7C1DA5064A761E1F317F8	(not available)
31	%Temp%\ish210593\images\progress_bar.png	456 bytes	MD5: 0x26588A39E960E2F5BA70FC082A8F02AF SHA-1: 0x116B62C07995D60F9BFC492296CC9C5C5A1AD26A	(not available)
32	%Temp%\ish210593\images\resume_btn.png	985 bytes	MD5: 0x05E22E0225F53B69A44B443540C20324 SHA-1: 0xAF5EB7EBF4F053B17D19A678EC84C329E632B2DF	(not available)
33	%Temp%\ish210593\images\secure_dwnl.png	2,862 bytes	MD5: 0x6F2B1F7689B06EEF2D9C4E5E00B9EE2E SHA-1: 0xBDB0B30006AF53427194EA79F0615992CB84A99B	(not available)
34	%Temp%\ish210593\images\welcome_prod_box.png	1,593 bytes	MD5: 0x93791BDB5453514A501AD84985B69824 SHA-1: 0x4FD167C14DDBC76472082C3C5ADB37052C96D6C0	(not available)
35	%Temp%\ish210593\images\zip_icon.png	943 bytes	MD5: 0xA17CADDBEE24EF3FFB3DAA1D12EF3933 SHA-1: 0x728D11A32C5610D0362E9AED32F6F376CAD937DF	(not available)
36	%Temp%\ish210593\locale\EN.locale	2,450 bytes	MD5: 0x5128DACAA4884C07897B2A14E924CE2D SHA-1: 0x383A9A3F9EC01FA528A206802F75518638D79669	(not available)
37	%Temp%\ish210593\mask.bmp.Mask	196 bytes	MD5: 0x6A385B06B6108CD109828A9F5F9FBE4C SHA-1: 0x8003481E740E7E02F32DF1C6866E0809BF59B1A9	(not available)
38	%Temp%\ish210593\sdk\exceptlist.txt	34 bytes	MD5: 0xF01863CCE9F2A2E4DCEF02F285E561AF SHA-1: 0xE2CBA65BE3F487E3760CF8D9247D3F4F73FF8174	(not available)
39	%Temp%\nsj4.tmp\nsProcess.dll	4,096 bytes	MD5: 0x05450FACE243B3A7472407B999B03A72 SHA-1: 0xFFD88AF2E338AE606C444390F7EAAF5F4AEF2CD9	(not available)
40	%Temp%\nsj4.tmp\UAC.dll %Temp%\nsjB.tmp\UAC.dll	16,896 bytes	MD5: 0x0D422E0C03A7D9428C6C02175D7DC9F8 SHA-1: 0x5E13D49521CFBBE52CD74DE8E1682789F0268969	(not available)
41	%Temp%\nsjA.tmp	5,429,634 bytes	MD5: 0x62C9D5A95DF53AEAE4428221F6A7B320 SHA-1: 0xE119E634BBEC8A5DA814675570CB8E6AFC016D48	(not available)
42	%Temp%\nsjB.tmp\features.txt	704 bytes	MD5: 0x81C76135E53A812A15BA9C49D58EED3A SHA-1: 0x433AA3FB1440080DB33A842CDEDE29E5A7FF4AF3	(not available)
43	%Temp%\nsjB.tmp\InetLoad.dll	17,408 bytes	MD5: 0xE241424579FDFD683F0ADFF02B7483A8 SHA-1: 0xC4CDE72B3E5E34730A41D43383D1234279DFF1F6	(not available)
44	%Temp%\nsjB.tmp\intro-banner.bmp	85,328 bytes	MD5: 0x992C923E4364DC35C88690F1F01D9393 SHA-1: 0xB13A4C63D8B1946360F4FDB8C18CB84AA7F5B613	(not available)
45	%Temp%\nsjB.tmp\intro-prod.bmp	484,666 bytes	MD5: 0xA8E559D2577A3B427C1A650557C30A14 SHA-1: 0x5465E97A3394B5923A43728E269FBD218557C87C	(not available)
46	%Temp%\nsjB.tmp\ioSpecial.ini	0 bytes	MD5: 0xD41D8CD98F00B204E9800998ECF8427E SHA-1: 0xDA39A3EE5E6B4B0D3255BFEF95601890AFD80709	(not available)
47	%Temp%\nsjB.tmp\nsProcess.dll	0 bytes	MD5: 0xD41D8CD98F00B204E9800998ECF8427E SHA-1: 0xDA39A3EE5E6B4B0D3255BFEF95601890AFD80709	(not available)
48	%Temp%\nsjB.tmp\System.dll	11,264 bytes	MD5: 0xC17103AE9072A06DA581DEC998343FC1 SHA-1: 0xB72148C6BDFAADA8B8C3F950E610EE7CF1DA1F8D	(not available)
49	%Temp%\nsjB.tmp\xml.dll	26,624 bytes	MD5: 0xFBDA05AA26E02D38EFFB82294E83EA69 SHA-1: 0xAA2291ACE177515173315668480C74442E21549D	(not available)
50	%Temp%\nsmD.tmp	0 bytes	MD5: 0xD41D8CD98F00B204E9800998ECF8427E SHA-1: 0xDA39A3EE5E6B4B0D3255BFEF95601890AFD80709	(not available)
51	%Temp%\nsn8.tmp %Temp%\nsvF.tmp	0 bytes	MD5: 0xD41D8CD98F00B204E9800998ECF8427E SHA-1: 0xDA39A3EE5E6B4B0D3255BFEF95601890AFD80709	(not available)
52	%Temp%\{26c9e18c-3717-4be1-a225-04e4471f5b6e}\geodata.xml	201 bytes	MD5: 0x245036D5ACA72304BE9A62110F3651EC SHA-1: 0x81A8DFADDDC56DD040BF7A46AFCC1CA4B58E042D	(not available)
53	%ProgramFiles%\blekkotb\auxi\blekkoAu.dll	262,312 bytes	MD5: 0xB44898052C51EE68B854D030B65DF196 SHA-1: 0x81E1C67AFFF8F1ADDEA8F345D86816853B441DF0	(not available)
54	%ProgramFiles%\blekkotb\auxi\config.xml	274 bytes	MD5: 0xFF80E6EED0C0FA47511DFE6B3B079677 SHA-1: 0xFB09E96F021D2081F95E27F2F95946BA438D06A1	(not available)
55	%ProgramFiles%\blekkotb\blekkoDx.dll	86,696 bytes	MD5: 0xA5822643CEA8BD8774A1DC0D677ABA72 SHA-1: 0x348611DC4BFBC2F3D0CF1F7DA866CCA83CAEFFEE	(not available)
56	%ProgramFiles%\blekkotb\blekkotb.dll	438,952 bytes	MD5: 0xF83E27ACDBA5FE18B51DF4A5FC4B2B7E SHA-1: 0xFD15F6D3361B211A5FE6BA8FDF30D93966CD2E61	(not available)
57	%ProgramFiles%\blekkotb\chrome\content\custom.js	8,749 bytes	MD5: 0x5B39BEA118C907AB7E7FA292A81AB4EC SHA-1: 0xE174276C0D581621968A624F1902318198A4A8B6	(not available)
58	%ProgramFiles%\blekkotb\chrome\content\lib\about.xml	4,921 bytes	MD5: 0x066A271DC0C17AFC6FF0A3F091C9902A SHA-1: 0x6480FB2E8510D4F778CA5F012860F892617A83BA	(not available)
59	%ProgramFiles%\blekkotb\chrome\content\lib\dtxpanel.xul	573 bytes	MD5: 0x95EC17707A727FD33987BE7A07194E92 SHA-1: 0x2526B93671448EBBB03818DE9B57FBEE75CE561A	(not available)
60	%ProgramFiles%\blekkotb\chrome\content\lib\dtxpaneltransparent.xul	653 bytes	MD5: 0x239C5696C7BB0580A6CB81A077253AC0 SHA-1: 0x9314294B26FDD45823445211EAD848E4A133EEC4	(not available)
61	%ProgramFiles%\blekkotb\chrome\content\lib\dtxpanelwin.xul	407 bytes	MD5: 0x13CD2406BFF36932421ADA94CFF51556 SHA-1: 0x7C249E08B47E51D7B993875DB028356018CEE468	(not available)
62	%ProgramFiles%\blekkotb\chrome\content\lib\dtxprefwin.xul	307 bytes	MD5: 0x65A2F4FC8403318A42176E623853E322 SHA-1: 0x9BA85F8C0715A7A96D9E1807394BD4EB3345CD0B	(not available)
63	%ProgramFiles%\blekkotb\chrome\content\lib\dtxtransparentwin.xul	657 bytes	MD5: 0x2E3B30A89A70544F13F8E8A2048D32ED SHA-1: 0xB35227B784CA041DC34AF2F2305B8579D0E71EE6	(not available)
64	%ProgramFiles%\blekkotb\chrome\content\lib\dtxwin.xul	387 bytes	MD5: 0xC02FA8EF5FF25FC99F4C8591223E248A SHA-1: 0xBBF2A613D4C430AD3D23CAE7E8BFB580CD55C12C	(not available)
65	%ProgramFiles%\blekkotb\chrome\content\lib\emailnotifierproviders.xml	1,639 bytes	MD5: 0xE842A242EDE1EA20759503A099052D38 SHA-1: 0xCA593FA3E5E4AB0D5B247F96E78E0015CCD2608B	(not available)
66	%ProgramFiles%\blekkotb\chrome\content\lib\external.js	552,905 bytes	MD5: 0x73CD3924278919DBDA6D3A107B0CED58 SHA-1: 0xD962E1A21C44A429B1AE4D0E4B3CF91279B576D1	(not available)
67	%ProgramFiles%\blekkotb\chrome\content\lib\neterror.xhtml	344 bytes	MD5: 0xF1D321A9DA995A49E2598A93AB98A2A3 SHA-1: 0x0622F31733225F4D036D63D0AA534104B8B53081	(not available)
68	%ProgramFiles%\blekkotb\chrome\content\lib\rsspreview.html	241 bytes	MD5: 0x300D38768E03CEE1C370445BBED68D8C SHA-1: 0xC3D74B867681F0C22E0C03E93D999C7002042473	(not available)
69	%ProgramFiles%\blekkotb\chrome\content\lib\rsswin.xml	2,602 bytes	MD5: 0xFFA19686935085E9ADDF613AEACC7E65 SHA-1: 0x8BAC907152C20038539804C28BCD4B6690262E72	(not available)
70	%ProgramFiles%\blekkotb\chrome\content\lib\rsswin.xsl	7,474 bytes	MD5: 0xA8C5A0F0E6A5D0E64DD0178344B97531 SHA-1: 0x16C18DEEF77CADDE15F96E88E90CDDF5D8EADF68	(not available)
71	%ProgramFiles%\blekkotb\chrome\content\modules\datastore.jsm	5,119 bytes	MD5: 0x7A6AEE7DA660ACC949996E85545B90BC SHA-1: 0xDEA859794EBBB5B59996245BC8E1C77BECBD0F2C	(not available)
72	%ProgramFiles%\blekkotb\chrome\content\modules\nsDragAndDrop.js	22,187 bytes	MD5: 0x9331B476499A8BDDE92248B7B4C43CB6 SHA-1: 0x7A2313EED6F18A613D9FB73DB1A321E1DBA0D3C3	(not available)
73	%ProgramFiles%\blekkotb\chrome\content\newtab\images\btn_search.gif	2,671 bytes	MD5: 0x3A34F255095637382ABB7479C71A0EA7 SHA-1: 0xF40BA3A9C06AF7D63D8EB9A3EB3EA355D553C426	(not available)
74	%ProgramFiles%\blekkotb\chrome\content\newtab\images\bullet.gif	45 bytes	MD5: 0xDA1A3193AE2D96A96DBDB8E93921D201 SHA-1: 0x256D453A9A10BE1927EFA0A461BAB1C6A016FA36	(not available)
75	%ProgramFiles%\blekkotb\chrome\content\newtab\images\field_bg.gif	389 bytes	MD5: 0xB29878732B5BB33457F55CF5977C9448 SHA-1: 0xED7F9BAEF341536D53D30B7D9EFE59EED33727E2	(not available)
76	%ProgramFiles%\blekkotb\chrome\content\newtab\images\powered_by_yahoo.gif	1,029 bytes	MD5: 0x0854AF6254DC1C7040B2B2EC57FD135F SHA-1: 0xB5276943EB659F8A2806CEF454BA3A82C176D59A	(not available)
77	%ProgramFiles%\blekkotb\chrome\content\newtab\newtab.html	10,958 bytes	MD5: 0xC0AA70E65C2F90A7CAEFA67BB0192873 SHA-1: 0x55AB861FE7CC0CBB3BFB1FF8CC435A58B1BDA386	(not available)
78	%ProgramFiles%\blekkotb\chrome\content\preferences.xml	663 bytes	MD5: 0xF7725A8FD65327FBD2DC578958D4FB2D SHA-1: 0x70A6589C6B66C55439B0A02359A20342E27A8BF3	(not available)
79	%ProgramFiles%\blekkotb\chrome\content\toolbar.htm	631 bytes	MD5: 0xBAFF789DC96EB9843679D135E865C0D0 SHA-1: 0xEC898E42152CED6B02120CEC7A4B16E177D695E7	(not available)
80	%ProgramFiles%\blekkotb\chrome\content\toolbar.xul	553,681 bytes	MD5: 0x8B31BA91A0393AB74EF08631F053C165 SHA-1: 0x381651B1B1B8A405FD214F8EDAEA124FA9251DC0	(not available)
81	%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\css\dialog.css %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\css\dialog.css	4,617 bytes	MD5: 0x85E442DB22E79AB9A933EE1661694957 SHA-1: 0xCB077C2427AA303E157E834C7B777FBF36C2ACFF	(not available)
82	%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\images\arrow-grey.png %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\arrow-grey.png %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\arrow-grey.png %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\arrow-grey.png	216 bytes	MD5: 0x93A9594D662E46C469CCE305BEE633A4 SHA-1: 0x72D66435320059EAB467384D21D683D4A7BED133	(not available)
83	%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\images\arrows_grey-left.gif %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\arrows_grey-left.gif %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\arrows_grey-left.gif %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\arrows_grey-left.gif	175 bytes	MD5: 0x41F85B4A728F76041B5E261A62CDE981 SHA-1: 0xB1D1AEC331B43A1E76C635AC67350A3DC10B84D9	(not available)
84	%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\images\arrows_grey-right.gif %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\arrows_grey-right.gif %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\arrows_grey-right.gif %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\arrows_grey-right.gif	120 bytes	MD5: 0x2AFDE8BF7BF1E50285E272DA05FC4C3E SHA-1: 0x73E5809B0ED33E7181F8A57295722CD9861E6844	(not available)
85	%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\images\bg.gif	1,814 bytes	MD5: 0xA49CFBDF6ACEF6B36406F9BAA738B002 SHA-1: 0x36E6A2A512A7D9EE1FBA3B0D9511BCA3D3196AD3	(not available)
86	%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\images\btn-search-over.png %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\btn-search-over.png	1,457 bytes	MD5: 0xA5E46071EFDD952C700009C5855BAB21 SHA-1: 0xC93D0243F09120CCD15AB52D4E566B0BADB589DE	(not available)
87	%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\images\btn-search.png %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\btn-search.png	1,981 bytes	MD5: 0xBD29344AE6BECAE4821196BD0D8FFFB9 SHA-1: 0x7E527903E3187EC1A1336FC62286C0C6C7FBD654	(not available)
88	%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\images\throbber.gif %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\throbber.gif %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\throbber.gif	4,176 bytes	MD5: 0xEBDFC31F9FBC9848AB637C12D0119A9A SHA-1: 0x4D4DDDED1F429530E8205D1950D781FA4F32E1FF	(not available)
89	%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\index.html	612 bytes	MD5: 0xECF47C985F922B4353D3A5D98DA1075E SHA-1: 0x1EFE6335FFA8B2FCA0683FD684585CBEB073CB11	(not available)
90	%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\css\dialog.css	3,528 bytes	MD5: 0x3EE900FB5A9C90984D4C180A7ACFACCD SHA-1: 0x95673F8432F16BDAD731E5557BED13E22B3B1DA2	(not available)
91	%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\1x1_transparent.png	126 bytes	MD5: 0x2002588119B8478D19ADC51FAEB45D21 SHA-1: 0xAEC019679F1F8BAFA8D0C769AFB1DFD4410769D6	(not available)
92	%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\bg.gif	1,782 bytes	MD5: 0x66C3F2AC382ACCEEB14C8DDE57112ACB SHA-1: 0x0171D81A90D80BDAD85898AA2617CC49C7CF5637	(not available)
93	%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\btn-search.png	49,773 bytes	MD5: 0xDFA0C68826162BFCC1C493624B0B0082 SHA-1: 0xD6346F7DA4120F21E032D05D7393C6A32A15D13D	(not available)
94	%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\btn-wide-close-over.png	49,488 bytes	MD5: 0xE144769EA9E6693E289FFFADE417E4AB SHA-1: 0x10816B3437FE23C20A97B04B95F9873E28F6AF5E	(not available)
95	%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\btn-wide-close.png	48,603 bytes	MD5: 0x5D8C66D3034CB36A07C953D70ED4B916 SHA-1: 0xBAFAC8282C7C7CADD221367E25FD9E2F17F0759A	(not available)
96	%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\btn_close_x.gif	352 bytes	MD5: 0xEE7EEE8F8D078C61E6B9456CCDF0C474 SHA-1: 0xF635571BB9A2B97076325479719E600153734AEB	(not available)
97	%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\default.png	48,031 bytes	MD5: 0x3E92D10248D63067AAF9A04DA1A3552C SHA-1: 0x0EF9181C9716DFD951BF22A0F3F6B8F0A4A60D7B	(not available)
98	%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\transparent.gif %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\transparent.gif %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\transparent.gif %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\skin\images\transparent.gif %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\transparent.gif %ProgramFiles%\blekkotb\chrome\skin\lib\panels\default\images\transparent.gif	49 bytes	MD5: 0x3D045B93716ED28DC745E648B3428A26 SHA-1: 0x36955B7E83FF9F5053CF23BD870D720A598C53AA	(not available)
99	%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\win-btm-left.png	47,079 bytes	MD5: 0x1C7F55510E4E46B860CB222DA1929C0A SHA-1: 0xA3752B714C5EC92D257B9C5B896CED3477B4901E	(not available)
100	%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\win-btm-mdl.png	46,958 bytes	MD5: 0x8162076754549379792A547C3311C378 SHA-1: 0x6732B7BD38760365C69EB0D70B5E5F5004929670	(not available)

• Notes:
• %CommonAppData% is a variable that refers to the file system directory containing application data for all users. A typical path is C:\Documents and Settings\All Users\Application Data.
• %AppData% is a variable that refers to the file system directory that serves as a common repository for application-specific data. A typical path is C:\Documents and Settings\[UserName]\Application Data.
• %Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).
• %ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.
• %MyDocuments% is a variable that refers to the file system directory used to physically store a user's common repository of documents. A typical path is C:\Documents and Settings\[UserName]\My Documents.

• The following directories were created:
• %Temp%\ish210593
• %Temp%\nsjB.tmp
• %CommonAppData%\Anti-phishing Domain Advisor
• %AppData%\blekkotb
• %Temp%\ICReinstall
• %Temp%\is1598539481
• %Temp%\ish210593\css
• %Temp%\ish210593\defaultOffer
• %Temp%\ish210593\defaultOffer\images
• %Temp%\ish210593\defaultOffer\TechTracker
• %Temp%\ish210593\images
• %Temp%\ish210593\locale
• %Temp%\ish210593\sdk
• %Temp%\nsj4.tmp
• %Temp%\nsmE.tmp
• %Temp%\{26c9e18c-3717-4be1-a225-04e4471f5b6e}
• %ProgramFiles%\blekkotb
• %ProgramFiles%\blekkotb\auxi
• %ProgramFiles%\blekkotb\chrome
• %ProgramFiles%\blekkotb\chrome\content
• %ProgramFiles%\blekkotb\chrome\content\lib
• %ProgramFiles%\blekkotb\chrome\content\modules
• %ProgramFiles%\blekkotb\chrome\content\newtab
• %ProgramFiles%\blekkotb\chrome\content\newtab\images
• %ProgramFiles%\blekkotb\chrome\content\widgets
• %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap
• %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\css
• %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\images
• %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin
• %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\css
• %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images
• %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\scripts
• %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2
• %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\css
• %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images
• %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\js
• %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin
• %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\css
• %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images
• %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\scripts
• %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.Grooveshark
• %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.Messaging
• %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.Messaging\skin
• %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.Messaging\skin\css
• %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.Messaging\skin\images
• %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.Messaging\skin\scripts
• %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook
• %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\css
• %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images
• %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\js
• %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin
• %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\css
• %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images
• %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\scripts
• %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.RadioBeta
• %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.Twitter
• %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\css
• %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\images
• %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\js
• %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\skin
• %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\skin\css
• %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\skin\images
• %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\skin\scripts
• %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2
• %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\css
• %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images
• %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\js
• %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\skin
• %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\css
• %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images
• %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\scripts
• %ProgramFiles%\blekkotb\chrome\data
• %ProgramFiles%\blekkotb\chrome\data\search
• %ProgramFiles%\blekkotb\chrome\skin
• %ProgramFiles%\blekkotb\chrome\skin\lib
• %ProgramFiles%\blekkotb\chrome\skin\lib\panels
• %ProgramFiles%\blekkotb\chrome\skin\lib\panels\css
• %ProgramFiles%\blekkotb\chrome\skin\lib\panels\default
• %ProgramFiles%\blekkotb\chrome\skin\lib\panels\default\css
• %ProgramFiles%\blekkotb\chrome\skin\lib\panels\default\images
• %ProgramFiles%\blekkotb\chrome\skin\lib\panels\default\scripts
• %ProgramFiles%\blekkotb\chrome\skin\lib\panels\images
• %ProgramFiles%\blekkotb\chrome\skin\lib\uwa
• %ProgramFiles%\blekkotb\chrome\skin\lib\weatherbutton
• %ProgramFiles%\blekkotb\chrome\skin\lib\weatherbutton\icons
• %ProgramFiles%\blekkotb\chrome\skin\lib\weatherbutton\panels
• %ProgramFiles%\blekkotb\chrome\skin\lib\weatherbutton\panels\images
• %ProgramFiles%\blekkotb\chrome\skin\options
• %ProgramFiles%\blekkotb\components

Memory Modifications

• There was a new process created in the system:

Registry Modifications

• The following Registry Keys were created:
• HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26c9e18c-3717-4be1-a225-04e4471f5b6e}
• HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26c9e18c-3717-4be1-a225-04e4471f5b6e}\InprocServer32
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{00f12770-e60e-4dc6-9105-425bface7c73}
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-phishing Domain Advisor
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\blekkotb
• HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes
• HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
• HKEY_CURRENT_USER\Software\AppDataLow
• HKEY_CURRENT_USER\Software\AppDataLow\Software
• HKEY_CURRENT_USER\Software\AppDataLow\Software\blekkotb
• HKEY_CURRENT_USER\Software\AppDataLow\Software\blekkotb\na
• HKEY_CURRENT_USER\Software\blekkotb
• HKEY_CURRENT_USER\Software\blekkotb\na
• HKEY_CURRENT_USER\${MUI_LANGDLL_REGISTRY_KEY}

• The newly created Registry Values are:
• [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26c9e18c-3717-4be1-a225-04e4471f5b6e}\InprocServer32]
• (Default) = "%ProgramFiles%\blekkotb\blekkoDx.dll"
• ThreadingModel = "Apartment"
• [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26c9e18c-3717-4be1-a225-04e4471f5b6e}]
• (Default) = "Spam Free Search Bar"
• [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{00f12770-e60e-4dc6-9105-425bface7c73}]
• AppName = "uninstall.exe"
• AppPath = "%ProgramFiles%\blekkotb"
• Policy = 0x00000003
• [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
• Anti-phishing Domain Advisor = ""%CommonAppData%\Anti-phishing Domain Advisor\visicom_antiphishing.exe""

so that visicom_antiphishing.exe runs every time Windows starts

• [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-phishing Domain Advisor]
• Publisher = "Visicom Media Inc. (Powered by Panda Security)"
• DisplayVersion = "1.0.0.0"
• DisplayIcon = "%CommonAppData%\Anti-phishing Domain Advisor\uninstall.exe"
• DisplayName = "Anti-phishing Domain Advisor"
• InstallLocation = "%CommonAppData%\Anti-phishing Domain Advisor"
• UninstallString = "%CommonAppData%\Anti-phishing Domain Advisor\uninstall.exe"
• NoModify = 0x00000001
• NoRepair = 0x00000001
• [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\blekkotb]
• Publisher = "Visicom Media Inc."
• DisplayVersion = "1.0.0.12"
• DisplayIcon = "%ProgramFiles%\blekkotb\install.ico"
• DisplayName = "Spam Free Search Bar"
• InstallLocation = "%ProgramFiles%\blekkotb"
• UninstallString = "%ProgramFiles%\blekkotb\uninstall.exe"
• NoModify = 0x00000001
• NoRepair = 0x00000001
• EstimatedSize = 0x00000000
• [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}]
• URL = "http://blekko.com/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb&u=20120501BA1C48FAA636F4EAD155CC23&q={searchTerms}"
• DisplayName = "Blekko"
• FaviconURLFallback = "http://search.yahoo.com/favicon.ico"
• FaviconPath = "%ProgramFiles%\blekkotb\search.ico"
• SuggestionsURLFallback = "http://ie.search.yahoo.com/os?appid=ie8&command={searchTerms}"
• ShowSearchSuggestions = 0x00000001
• [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
• DefaultScope = "{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}"
• [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
• blekkotb = "reg.exe delete "HKCU\Software\AppDataLow\Software\blekkotb" /f"
• blekkotb_XP = "reg.exe delete "HKCU\Software\blekkotb" /f"
• [HKEY_CURRENT_USER\Software\AppDataLow\Software\blekkotb\na]
• ne = 0x00000000
• ne4 = 0x00000000
• [HKEY_CURRENT_USER\Software\AppDataLow\Software\blekkotb]
• ve = 0x00000000
• lo = 0x00000000
• [HKEY_CURRENT_USER\Software\blekkotb\na]
• ne = 0x00000000
• ne4 = 0x00000000
• [HKEY_CURRENT_USER\${MUI_LANGDLL_REGISTRY_KEY}]
• ${MUI_LANGDLL_REGISTRY_VALUENAME} = "1033"

• The following Registry Value was deleted:
• [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
• ITBarLayout = 11 00 00 00 36 00 00 00 00 00 00 00 34 00 00 00 1F 00 00 00 56 00 00 00 01 00 00 00 20 07 00 00 A0 0F 00 00 05 00 00 00 62 05 00 00 26 00 00 00 02 00 00 00 21 07 00 00 A0 0F 00 00 04 00 00 00 21 01 00 00 A0 0F 00 00 03 00 00 00 20 03 00 00 00 00 00 0

• The following Registry Value was modified:
• [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
• Start Page =

Other details

• There were registered attempts to establish connection with the remote hosts. The connection details are:

• The data identified by the following URLs was then requested from the remote web server:
• http://img.downloadcdn.com/img/RealPlayer/real_player.gif
• http://cdneu.downloadcdn.com.s3-external-3.amazonaws.com/ofr/Blekko_CNET_v1.0.0.12.cis
• http://blekko.com/a/toolbar?source=c3348dd4&tbp=duringinstall&toolbarid=blekkotb&u=20120501BA1C48FAA636F4EAD155CC23
• http://cdneu.downloadcdn.com/ofr/Blekko_CNET_v1.0.0.12.cis
• http://cdnus.downloadcdn.com/ofr/Blekko_CNET_v1.0.0.12.cis
• http://software-files-a.cnet.com/s/software//12/25/96/80/fkeylogger.zip?token=1336062157_ea29cc55b7da28d2a96f305389a85274
• http://i.i.com.com/cnwk.1d/i/tim/2011/10/24/7908070a764c0a0e791432571078a1edb5b3_free-keylogger-icon_32x32.gif
• http://os.downloadcdn.com/v2.0.0/?v=2.0&c=512967159
• http://os.downloadcdn.com/Images/ASK/toolbar2.png
• http://os.downloadcdn.com/Images/Blekko/Toolbar.png
• http://os.downloadcdn.com/Images/Blekko/Logo.png
• http://os.downloadcdn.com/Images/Blekko/InfoIcon.png
• http://rp.downloadcdn.com/?pcrc=1803295927
• http://rp.downloadcdn.com/?pcrc=814898267
• http://api.cnet.com/rest/v1.0/softwareProductLink?productSetId=10419683&partTag=dlm
• http://geoip.vmn.net/index.php?v=2&tb=blekkotb_1.0.0.12
• http://visicom.antiphishingdomain.com/update/blekkotb.xml
• http://blekko.applicationstat.com/date.php
• http://visicom_antiphising-blekkotb.applicationstat.com/postdata.php